This article is from the source 'bbc' and was first published or seen on . The next check for changes will be
You can find the current article at its original source at https://www.bbc.com/news/articles/c8rv83mrlyyo
The article has changed 3 times. There is an RSS feed of changes available.
| Version 1 | Version 2 |
|---|---|
| Hackers say they have deleted children's pictures and data after nursery attack backlash | |
| (about 4 hours later) | |
| Hackers who attempted to extort a nursery chain by posting stolen images and data about children on the darknet have removed the posts and claim to have deleted the information. | Hackers who attempted to extort a nursery chain by posting stolen images and data about children on the darknet have removed the posts and claim to have deleted the information. |
| The criminals began posting profiles of the children to their website last Thursday, adding another 10 children days later and vowing to continue until Kido Schools paid a ransom in Bitcoin. | The criminals began posting profiles of the children to their website last Thursday, adding another 10 children days later and vowing to continue until Kido Schools paid a ransom in Bitcoin. |
| The criminals also contacted parents directly with threatening phone calls whilst trying to get their ransom paid. | The criminals also contacted parents directly with threatening phone calls whilst trying to get their ransom paid. |
| But public revulsion at their attack appears to have forced the criminals to backtrack. | But public revulsion at their attack appears to have forced the criminals to backtrack. |
| First they blurred the images but kept the data up - now they have taken all the information offline, and apologised for their actions. | First they blurred the images but kept the data up - now they have taken all the information offline, and apologised for their actions. |
| Their apparent change of heart has been met with scepticism by experts, who had previously condemned the targeting of nurseries as a "new low" for cyber-criminals. | Their apparent change of heart has been met with scepticism by experts, who had previously condemned the targeting of nurseries as a "new low" for cyber-criminals. |
| "This is more about pragmatism than morality," said cyber-security expert Jen Ellis. | "This is more about pragmatism than morality," said cyber-security expert Jen Ellis. |
| "These criminals are clearly shocked and worried by the attention their hack has caused and they are trying to protect themselves or their brand." | "These criminals are clearly shocked and worried by the attention their hack has caused and they are trying to protect themselves or their brand." |
| 'Comfort for parents' | 'Comfort for parents' |
| The hackers claim to have deleted everything they took - which included the private details and pictures of around 8,000 children as well as contact information for parents and carers. | The hackers claim to have deleted everything they took - which included the private details and pictures of around 8,000 children as well as contact information for parents and carers. |
| "All child data is now being deleted. No more remains and this can comfort parents," one of the cyber-criminals involved told the BBC. | "All child data is now being deleted. No more remains and this can comfort parents," one of the cyber-criminals involved told the BBC. |
| It's understood Kido have not paid the hackers a ransom which was thought to be around £600,000. | It's understood Kido have not paid the hackers a ransom which was thought to be around £600,000. |
| Past cases have shown that hackers often say they have deleted stolen data and been found to have kept it or sold it on. | Past cases have shown that hackers often say they have deleted stolen data and been found to have kept it or sold it on. |
| When the UK's National Crime Agency took down the cyber crime gang LockBit they discovered troves of data still on the criminal's servers that victims had paid to be deleted. | When the UK's National Crime Agency took down the cyber crime gang LockBit they discovered troves of data still on the criminal's servers that victims had paid to be deleted. |
| The nursery hackers, calling themselves Radiant, appear to be concerned that their hack has crossed an undefined moral line since the public outcry began against them. | The nursery hackers, calling themselves Radiant, appear to be concerned that their hack has crossed an undefined moral line since the public outcry began against them. |
| "We are sorry for hurting kids," the cyber-criminals told BBC News. | "We are sorry for hurting kids," the cyber-criminals told BBC News. |
| It's not known who the hackers or hacker are but they appear to be a new and possibly inexperienced group. | It's not known who the hackers or hacker are but they appear to be a new and possibly inexperienced group. |
| Their darknet site is newly created but they claim to have carried out other hacks in the past. | Their darknet site is newly created but they claim to have carried out other hacks in the past. |
| This isn't the first time that cyber-criminals have backtracked on an attack. | This isn't the first time that cyber-criminals have backtracked on an attack. |
| In 2020 a gang using Dopplepaymer ransomware gifted their encryption key to a German hospital after the chaos contributed to the death of an emergency care patient. | In 2020 a gang using Dopplepaymer ransomware gifted their encryption key to a German hospital after the chaos contributed to the death of an emergency care patient. |
| When Conti hackers attacked the Irish Health Service in 2021 they too gave their antidote away for free claiming not to have deliberately targeted hospitals. | When Conti hackers attacked the Irish Health Service in 2021 they too gave their antidote away for free claiming not to have deliberately targeted hospitals. |
| Months before, criminals from the Darkside group took the strange decision to post proof that they had donated some of their ill-gotten bitcoin to charities. | Months before, criminals from the Darkside group took the strange decision to post proof that they had donated some of their ill-gotten bitcoin to charities. |
| The nursery hackers claimed they broke into the nursery's systems by buying access to one of Kido's staff computers which was compromised by a separate hacker. | The nursery hackers claimed they broke into the nursery's systems by buying access to one of Kido's staff computers which was compromised by a separate hacker. |
| In a common process, the "initial access broker" sold the Kido access to Radiant, which went on to further infiltrate Kido's systems and steal the data. | In a common process, the "initial access broker" sold the Kido access to Radiant, which went on to further infiltrate Kido's systems and steal the data. |
| The majority of the downloaded material including the pictures of children was taken from Kido's account with Famly - a popular early years education platform . | The majority of the downloaded material including the pictures of children was taken from Kido's account with Famly - a popular early years education platform . |
| Famly has rejected Kido's message to parents that the breach happened as a result of Famly being compromised. | Famly has rejected Kido's message to parents that the breach happened as a result of Famly being compromised. |
| It has stressed to the BBC that neither the security or infrastructure of the platform has been compromised at any point. | It has stressed to the BBC that neither the security or infrastructure of the platform has been compromised at any point. |
| Kido did not respond to a request for comment about the way the hackers stole the data. | Kido did not respond to a request for comment about the way the hackers stole the data. |
| A spokesperson said only that: "We recently identified and responded to a cyber incident. We are working with external specialists to investigate and determine what happened in more detail. | A spokesperson said only that: "We recently identified and responded to a cyber incident. We are working with external specialists to investigate and determine what happened in more detail. |
| "We swiftly informed both our families and the relevant authorities and continue to liaise closely with them." | "We swiftly informed both our families and the relevant authorities and continue to liaise closely with them." |
| Radiant says it paid the initial access broker money for access to Kido's system. | Radiant says it paid the initial access broker money for access to Kido's system. |
| So with Kido refusing to pay and the hackers giving up their extortion attempt the criminals appear to have actually lost money in this cyber-attack. | So with Kido refusing to pay and the hackers giving up their extortion attempt the criminals appear to have actually lost money in this cyber-attack. |
| Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here. | Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here. |